REMARKS


Reconsideration of the rejections set forth in the office action is respectfully requested in
view of the foregoing amendments and following remarks. By this amendment, claims 1, 3, 5, 8,
9, 10, 12, 14, 17, and 18 have been amended. Currently, claims 1, 3-10, and 12-18 are pending
in this application.

Examiner Duong is thanked for the courtesies extended during the telephone interviews
on July 8, 2003, and July 15, 2003. During the interviews the rejections of the claims over Ma
(U.S. Patent No. 5,953,338) and Arrow (U.S. Patent No. 6,175,917) were discussed, as were the
differences between the combination of Ma and Arrow and the present claims. Specifically,
during the interview, applicant pointed out that Ma and Arrow both related to constructs on the
network that could be used by the network provider to establish tunnels on behalf of a subscriber.
For example, Ma teaches a way for the network provider to adjust the bandwidth of tunnels it has
provided to customers, and Arrow teaches a way for the network provider to provision tunnels on
behalf of the customers. The claims of this application, by contrast, relate to how to use the VPN
resources after they have been provided to a subscriber. The Examiner suggested the claims be
amended (as done by applicant in this Amendment) to clarify the claim language.

1. Ma does not teach a VPN server 

As discussed in the interview, Ma teaches a network device that sits in the middle of the
network and dynamically controls bandwidth assigned to VPN virtual channels, virtual paths,
and groups of virtual paths. Ma does not teach a device which connects to the end of a VPN
tunnel, such as the VPN server set forth in the claims.

Ma discloses a system for allocating bandwidth on an ATM switch to enable the ATM
switch to enforce service level agreements with subscribers on the network. (Cols. 1 and 2). A
process referred to as Connection Admission Control (CAC) is used to determine if the ATM
switch and physical interfaces can support a requested virtual channel connection. (Col. 2, lines
24-29).

In the ATM network of Ma, virtual channel connections can only exist over virtual paths
in the ATM network. (Col. 2, lines 33-34). A virtual path is thus a bundle of virtual channels.
Virtual paths may also be grouped into groupings of virtual paths. (Col. 3, lines 27-30, and 42-45).

In this framework, Ma teaches a central control module that has the ability to manage
these virtual paths and/or virtual channels on the network by dynamically controlling the
assigned parameters, e.g., bandwidth, of the virtual channels or virtual paths. (Col. 3, lines 31-
45). It does so to balance the needs of some clients against the needs of other clients who also
have service level agreements on the network, to attempt to provide each client with the level of
service specified in its contract agreement (see col. 7, lines 39-53, and Fig. 8).

Accordingly, Ma teaches a construct that sits in the middle of the network and
dynamically adjusts the bandwidth to be provided to subscribers depending on network
conditions, usage, etc., to try to allow all subscribers to have the amount of bandwidth for which
they have paid. Ma does not attempt to teach or suggest how a client device should use the
bandwidth once it has been provided by the network provider (Col. 8, lines 5-6):

Clients using the virtual private networks are responsible for accepting or
rejecting calls when the virtual path network is in the overload condition. Clients
of the virtual private network are also responsible for prioritizing their own calls.
For example, in an overload condition, one client may decide to drop calls using a
first-in-first-out basis, while another client may decide to drop a data application
call to accommodate a voice call.

Accordingly, applicants respectfully submit that Ma fails to teach or suggest a VPN server or a
network device that performs the functions of a VPN server, as set forth in the claims.

2. A person of ordinary skill in the art would not import the functions of Ma into a VPN
server

The Examiner has agreed in the office action that Ma fails to teach that the server is a
VPN server configured to at least one of authenticate, encapsulate, and de-encapsulate at least a
portion of the packets. The Examiner has taken the position, however, that it would have been
obvious to combine Ma with a VPN server. Applicants respectfully disagree.

Ma teaches a device that sits in the middle of the network and is configured to adjust
bandwidth provided to network subscribers. This is very different than a device that sits on the
end of a VPN tunnel and is configured to manage bandwidth on the VPN tunnel. Applicants
respectfully submit that a person of ordinary skill in the art would not be motivated to utilize
teachings of Ma in a VPN server context given the disparate places the network devices are used
in the network and the disparate functions the network devices are to perform.

3. Arrow does not teach a VPN server 

Arrow teaches a VPN management station 160 that is configured to install VPN
parameters on VPN units to enable them to engage each other over VPN tunnels through the
network. Arrow thus sits in the middle of the network and provisions VPN tunnels on behalf of
subscribers by interfacing with the end units on the network. Arrow has nothing to do with
controlling the type or amount of traffic particular applications will later put through the VPN
tunnels once the VPN tunnels have been established.

The Examiner has taken the position that Arrow discloses a data communication system
comprising a VPN management station 160 configured for authentication, encryption, and
compression of packets. As support for this position, the Examiner has cited Fig. 13, and col. 15,
lines 52-55. Applicants respectfully submit that the VPN management station 160 is not a VPN
server that is configured to perform authentication, encryption, and/or compression of packets.

Fig. 13, cited by the Examiner, is described by Arrow as "a flow chart illustrating some
of the operations performed by a VPN system manager to create a VPN in accordance with an
embodiment of the present invention." (Col. 15, lines 29-32). Col. 15, lines 52-55, cited by the
Examiner, states "In state 1310, the system manager defines VPN parameters for authentication,
encryption, and compression functions to be associated with a newly created VPN." When read
in context, it is clear that the VPN management station 160 is defining many parameters that will
be associated with one or more VPN units to enable the VPN units to participate in VPN tunnels
on the network. Thus, Arrow is clear that the VPN management station 160 is not defining these
parameters for itself. Rather, the VPN management station 160 is setting up VPN tunnels for
VPN units on the network, and one of the tasks it must do to set up a VPN tunnel is to define
authentication, encryption, and compression functions to be used by the end units to that tunnel.

4. Combining Ma and Arrow would not have met all limitations of the claims

The Examiner has taken the position that it would have been obvious to include the VPN
management station as taught by Arrow in Ma's system to protect and prevent unauthorized
access of data traversing over public networks. Applicants respectfully submit that even if Ma
and Arrow were combined, they would not meet the limitations of the claims.

Specifically, as discussed above, Arrow's system allows an ISP or other provider to
provision VPNs on behalf of clients. Ma enables an ISP to set up and dynamically change the
bandwidth provisioned through VPN circuits and paths that have been established through the
network. Combining these two systems would allow an ISP or other network service provider to
set up a VPN tunnel on behalf of clients, and dynamically alter the amount of bandwidth
provided to that tunnel through the network. The combination would not teach or suggest
anything, however, about how the client should go about allocating the resource that has been
provided by the network provider, or how the bandwidth should be used by internal applications
that may be contending for access to the bandwidth that has been provided by the ISP.

The combination of Arrow and Ma fails to teach or suggest a VPN server that meters 
packets belonging to an application group. Ma allows routers and switches on the network to 
alter the amount of bandwidth provided to a given VPN circuit/path/path group, but does not 
teach a VPN server that meters packets belonging to an application group. Arrow fails to make 
up this deficiency. Specifically, the VPN management station 160 in Arrow does not meter
packets but rather interfaces with VPN servers to enable them to set up VPN tunnels through the 
network. 

5. The independent claims reflect the differences between Ma, Arrow, and the
combination of Ma and Arrow

During the interview applicants discussed possible amendments with the Examiner that
could be used to clarify the differences between the present invention and the art cited by the
Examiner. The Examiner suggested that independent claim 1 be amended to recite in the
preamble that the method is for a VPN server, and that applicant clarify that the VPN server is
performing the acts of assigning and metering packets. Applicants have amended independent
claim 1 as suggested by the Examiner and have made similar amendments to the other
independent claims. Applicants respectfully submit that these claims are now patentable over the
art of record and respectfully request that they be allowed.

Applicants note that these amendments are merely making explicit that which was 
already stated in the claim. Accordingly, the claim amendments are not narrowing amendments. 

Because the combination of Arrow and Ma fails to teach or suggest the limitations of
claim 1, applicants respectfully request that the rejection of claim 1 under 35 U.S.C. 103 be
withdrawn. Independent claims 3, 5, 8, 9, 10, 12, 14, 17, and 18 contain similar limitations and
are therefore patentable for at least the same reasons.

Conclusion

In view of the foregoing claim amendments and remarks, it is respectfully submitted that the
application is now in condition for allowance and an action to this effect is respectfully
requested. If there are any questions or concerns regarding the amendments or these remarks,
the Examiner is requested to telephone the undersigned at the telephone number listed below.

If any fees are due in connection with this filing, the Commissioner is hereby authorized 
to charge payment of the fees associated with this communication or credit any overpayment to 
Deposit Account No. 502246 (Ref: NN-13361).

Respectfully Submitted 

Dated: July 31, 2003

John C. Gorecki
Registration No. 38,471

John C. Gorecki, Esq.
Patent Attorney
165 Harvard St.
Newton, MA 02460
Tel: (617) 796-9024
Fax: (617) 795-0888